Topics - abantecart

Security / Light cross-site scripting vulnerability fix
« on: February 16, 2013, 02:55:47 PM »
Light cross-site scripting vulnerability has been detected in AbanteCart.
Detected vulnerability does not cause any harm to AbanteCart or content.
To fix the problem, please read below.

Affected versions: Up to 1.1.3

About Risk: This is a low risk cross-site scripting vulnerability. No potential harm to code, database or server structure.

About the fix:
The fix is only 1 file that can be replaced or changed manually.
Option 1 (version 1.1.3):
Locate file: /core/engine/html.php and replace with attached file

Option 2 (prior to version 1.1.3)
Locate and open file: /core/engine/html.php
Locate the code below (about line # 114)

Code:
public function removeQueryVar($url, $vars) {
    list($url_part, $q_part) = explode('?', $url);
    parse_str($q_part, $q_vars);
    if (!is_array($vars)) {
        $vars = array( $vars );
    }
    foreach ($vars as $v)
        unset($q_vars[ $v ]);

    // query values are decoded and returned to the caller as-is
    $new_qs = urldecode(http_build_query($q_vars));
    return $url_part . '?' . $new_qs;
}

Replace with below code:

Code:
public function removeQueryVar($url, $vars) {
    list($url_part, $q_part) = explode('?', $url);
    parse_str($q_part, $q_vars);
    if (!is_array($vars)) {
        $vars = array( $vars );
    }
    foreach ($vars as $v)
        unset($q_vars[ $v ]);

    // the fix: clean every remaining query value before rebuilding the query string
    foreach ($q_vars as $key => $value)
        $q_vars[$key] = $this->request->clean($value);

    $new_qs = urldecode(http_build_query($q_vars));
    return $url_part . '?' . $new_qs;
}

This issue is thoroughly addressed and eliminated in the coming version of AbanteCart.
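An added example, not part of the original post and not AbanteCart's own code: the posted logic as a free function, with the fix toggled by a hypothetical `$sanitize` flag and run on a constructed URL. The `clean()` stand-in assumes that `$this->request->clean()` HTML-escapes strings recursively, which the post does not show.

```php
<?php
// Stand-in for $this->request->clean(). ASSUMPTION: it HTML-escapes strings
// recursively; the real AbanteCart method is not shown in the post.
function clean($data) {
    if (is_array($data)) {
        $out = array();
        foreach ($data as $k => $v) {
            $out[clean($k)] = clean($v);
        }
        return $out;
    }
    return htmlspecialchars((string)$data, ENT_QUOTES, 'UTF-8');
}

// Same steps as the posted method; $sanitize (hypothetical) switches the fix on.
function removeQueryVar($url, $vars, $sanitize) {
    $parts = explode('?', $url, 2);
    $url_part = $parts[0];
    $q_part = isset($parts[1]) ? $parts[1] : '';
    parse_str($q_part, $q_vars);
    foreach ((array)$vars as $v) {
        unset($q_vars[$v]);
    }
    if ($sanitize) {
        foreach ($q_vars as $key => $value) {
            $q_vars[$key] = clean($value);
        }
    }
    // urldecode() undoes the percent-encoding that http_build_query() applied,
    // so whatever is in $q_vars reaches the caller as literal characters.
    return $url_part . '?' . urldecode(http_build_query($q_vars));
}

// Constructed sample URL: "sort" carries percent-encoded markup characters.
$url = 'http://shop.example/index.php?rt=product/search&page=2'
     . '&sort=%22%3E%3Cb%3Emarker%3C%2Fb%3E';

$before = removeQueryVar($url, 'page', false);
$after  = removeQueryVar($url, 'page', true);

echo "before: $before\n";
echo "after:  $after\n";

// Report whether a raw quote or angle bracket survives in each query string.
var_dump(strpbrk(explode('?', $before, 2)[1], '"<>') !== false);
var_dump(strpbrk(explode('?', $after, 2)[1], '"<>') !== false);
```

The same comparison can serve as a regression check after replacing /core/engine/html.php.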

FAQ & Tutorials / Quick Help Videos
« on: February 04, 2013, 02:58:31 AM »
Sometimes it is easier to see once than read or hear a few times :)

We have created a few videos with some interesting features in AbanteCart that are hard to explain in a simple way.

Check our YouTube videos and subscribe to get updates on new videos added.


Quick search and auto-suggest


And more

New Features Discussion / MOVED: My opinions
« on: January 23, 2013, 03:04:00 AM »

News and Announcements / Need help with setting up unit testing
« on: January 20, 2013, 11:42:08 AM »
Anyone who has experience with setting up unit testing or Selenium, please help.

The AbanteCart project is at the stage where we need to control the quality of future development and set up automated unit testing and visual testing.

We picked PHPUnit for code unit testing and Selenium for automated visual testing.

Anyone with experience and willing to help, please PM me for further discussion.

Opinions / Split Payment for checkout and account deposit/credit
« on: January 10, 2013, 02:20:58 AM »
Some eCommerce sites offer a feature to pay for the order with multiple payments, considering that some orders might be for a large amount or that gift cards or some other fixed funds payments are used.
In addition, account credit can be offered to deposit funds into the account and use them towards new orders.

Please vote if you think this feature is important or not.

News and Announcements / AbanteCart project needs your help
« on: December 07, 2012, 01:49:09 PM »
While we are working hard on new features development for AbanteCart we need help with some other areas.

We are looking for a contributor to our project to help improve and possibly take complete ownership of AbanteCart project marketing.

If you have experience in marketing of open source projects and are interested, please PM.

News and Announcements / New Site for User and Developer API manuals
« on: December 07, 2012, 01:38:54 PM »
We are in the process of improving our documentation site and building a new easy-to-use interface with user manuals, developer API and community extension management site.


- Easy to navigate manual and easy to read on mobile and regular computers (responsive)
- Collaborative, so readers can post comments
- Secure

Thinking to use WordPress.

Any ideas or suggestions?


We are looking for an open source frontend JavaScript developer to help with the AbanteCart project.
Primarily, we need help with taking ownership of the new administration interface for AbanteCart that is currently in the design stage.

We need the candidate to have experience with responsive web development and multiple browsers support as well as solid knowledge of JavaScript and HTML5.

Please PM if you're interested to work on our team and help the rapidly growing AbanteCart project.

Feedback / Share your success with AbanteCart
« on: November 13, 2012, 01:07:49 PM »
We are welcoming AbanteCart users to let us know about how you use your AbanteCart for your business.

Post your AbanteCart sites and share your success stories with other users.

We will post your feedback on our site.

Extensions and Add-Ons / Faster way to build extensions in AbanteCart
« on: November 13, 2012, 01:02:24 PM »
Attention Extension Developers!

Please try "Extension Developer Tools". These tools will help you build extensions faster and avoid dealing with the manual process of file and directory creation. You can build language definitions with these tools as well.

Learn more:

Any contributions to future expansion of these tools are welcome!!

Support / AbanteCart Version 1.1 Release
« on: August 03, 2012, 07:53:47 AM »
- Quick autosuggest in the admin search. Click within autosuggest window leads to dialog with quick preview and edit in the section
Two types of dialogs: 1. Quick Preview (orders, products, customers, etc) 2. Quick edit (Language definitions, settings, etc)
- Stock QTY request for API
- New Settings tab for API settings (including on/off for QTY check)
- Setting to auto disable product if QTY drops to 0
- Setting in the product "Allow Backorder". This will enable/disable adding product to the cart if QTY is 0
- Disable section in layout if main section blocks are missing and show message (example: if footer_top is missing in new template or deleted from DB)
- Find solution to save blocks in the slot they saved. (no skipping of empty slots)
- Add browser detection method to HTML class. We already have a script if needed.
- Add search/filtering for blocks by name and type. Provide quick access to block list by providing name (access to filtered list based URL). This can be helpful in other areas.

- Review Settings sections and organize it better. (add single setting edit in ALL section, possibly in popup dialog)

- Bug fixes.

General Discussion / members?
« on: June 27, 2012, 10:01:13 AM »
Are there any AbanteCart users with good rep at ?

We need help. PM me


Extensions and Add-Ons / Extension that creates extensions
« on: June 15, 2012, 12:15:12 PM »
Let's make development of extensions easier and fun.

To simplify the process of creating the base shell of an AbanteCart extension we are working on the "Extension Generator" extension.

Main features:
 - Create correct files and directories
 - Upload extension icon
 - Create help texts and manuals

This is a draft and more features are coming.

Post your suggestions or opinions here. 

News and Announcements / AbanteCart is now on GitHub
« on: June 13, 2012, 08:28:13 AM »

We are excited to announce the setup of the AbanteCart source code on the popular repository site GitHub.

Anybody can access the source code by following this link:

Stable (production) version source code is located on Master Branch. There will be one or more branches for new versions in working state.
